Perhaps this is the answer:
http://www.codeproject.com/Articles/30815/An-Anti-Reverse-Engineering-Guide
Look for the "bad boy."
Let me insert this four and a half years after the fact to satisfy the moderator:
Three types of breakpoints are available to the reverse engineer: hardware, memory, and INT 3h breakpoints. Breakpoints are necessary for the reverse engineer, and without them a live analysis of the module does little good for him or her. Breakpoints allow you to stop program execution at any point where one is placed. Using this, reverse engineers can set breakpoints in areas such as the Windows API, and can very easily find where the badboy message is (a message that, for example, says you entered an unsuccessful series). In fact, this is probably the most used cracking method; the only competition is link-based text string search. This is why checkpoint checks are performed on important APIs such as MessageBox, VirtualAlloc, CreateDialog and others, which play an important role in the process of protecting user information. The first example will cover the most common type of breakpoint that the INT 3h instruction uses.
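As an added illustration (not code from the linked article or from the answer above), the check the quoted passage describes comes down to inspecting the first opcode byte of a function for INT 3. The byte arrays are constructed x86 samples and the function names are hypothetical; a real check would read the bytes at an API's entry point instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* What was found at the function entry. */
enum bp_kind { BP_NONE = 0, BP_INT3 = 1, BP_INT_IMM3 = 2 };

/* Inspect only the entry point: a software breakpoint overwrites the
   first opcode byte. 0xCC is the one-byte INT 3; 0xCD 0x03 is the
   two-byte encoding of the same interrupt. */
enum bp_kind entry_breakpoint(const uint8_t *code, size_t len)
{
    if (len >= 1 && code[0] == 0xCC)
        return BP_INT3;
    if (len >= 2 && code[0] == 0xCD && code[1] == 0x03)
        return BP_INT_IMM3;
    return BP_NONE;
}

/* Naive variant: count every 0xCC in the range. It also counts 0xCC
   bytes that are operands, so it reports clean code as patched. */
size_t count_cc_bytes(const uint8_t *code, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0xCC)
            n++;
    return n;
}

/* Constructed sample: push ebp; mov ebp,esp; mov eax,0xCC; pop ebp; ret */
const uint8_t clean_fn[] = { 0x55, 0x89, 0xE5, 0xB8, 0xCC, 0x00, 0x00, 0x00, 0x5D, 0xC3 };
/* Same bytes with the first opcode replaced by INT 3 (constructed). */
const uint8_t patched_fn[] = { 0xCC, 0x89, 0xE5, 0xB8, 0xCC, 0x00, 0x00, 0x00, 0x5D, 0xC3 };
/* Two-byte INT 3 encoding at the entry (constructed). */
const uint8_t int_imm_fn[] = { 0xCD, 0x03, 0xC3 };

int main(void)
{
    printf("clean:   entry=%d, 0xCC bytes=%zu\n",
           entry_breakpoint(clean_fn, sizeof clean_fn),
           count_cc_bytes(clean_fn, sizeof clean_fn));
    printf("patched: entry=%d, 0xCC bytes=%zu\n",
           entry_breakpoint(patched_fn, sizeof patched_fn),
           count_cc_bytes(patched_fn, sizeof patched_fn));
    printf("int imm: entry=%d\n", entry_breakpoint(int_imm_fn, sizeof int_imm_fn));
    return 0;
}
```

The clean sample contains a 0xCC byte as the immediate operand of `mov eax, 0xCC`, which is why the byte count alone cannot distinguish it from a patched function while the entry-point check can.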